Deploying or Removing the FEP Client Software

  • Article

Applies To: Forefront Endpoint Protection

You can use the Configuration Manager Windows Management Instrumentation (WMI) provider to automate the creation of software packages and the assignments of the software packages to collections.

Prerequisites

In order to create a script similar to the example in this topic, you must have the following prerequisite software:

  • Windows PowerShell (either version 1.0 or 2.0)

The following script demonstrates how you can deploy (or remove) the FEP client to a collection. The script defines switches to specify the Configuration Manager information needed, and uses that information to create a mandatory advertisement of the FEP deployment package.

function CreateDeploymentAdvertisement(

    $ConfigMgrServer,                   # Config Mgr WMI site provider to connect to. e.g. MyServer
    $SiteCode,                     # Config Mgr site code. e.g. ABC
    $CollectionID,                 # Target collection ID. e.g. ABC00008
    $AdvertisementName,            # Requested name for the deployment advertisement. e.g. Deploy FEP
    [switch]$IncludeSubCollection, # Switch to include subcollection, default is false (not include)
    [switch]$Uninstall)            # Switch to do uninstall. Default is Install

{
    $ConfigMgrNamespace = "root\sms\site_$SiteCode"
    $now = Get-Date -Format "yyyyMMddhhmmss.ffffff+***" # Config Mgr time format
    $ConfigMgrProviderPath = "\\" + (Join-Path $ConfigMgrServer $ConfigMgrNamespace) # WMI provider full path
    
    # Get the FEP deployment package to be used when creating the advertisement
    $package = Get-WmiObject -class "SMS_Package" -filter "MifName='FEP - Deployment'" -namespace $ConfigMgrNamespace -computername $ConfigMgrServer
     
    # Create a new SMS advertisement instance for the FEP deployment package. The program installs or uninstalls depending on $Uninstall switch        
    # For more information about the SMS_Advertisement Server WMI class, see https://go.microsoft.com/fwlink/?LinkID=208535 on MSDN.
    $newAdvertisement =    ([WmiClass]($ConfigMgrProviderPath + ":SMS_Advertisement")).CreateInstance()    
    $newAdvertisement.CollectionID = $CollectionID
    $newAdvertisement.PackageID = $package.PackageID
    $newAdvertisement.ProgramName = if ($Uninstall) { "Uninstall" } else { "Install" }
    $newAdvertisement.AdvertisementName = $AdvertisementName
    $newAdvertisement.AdvertFlags = 0x02000000 -bor 0x00100000 # NO_DISPLAY | OVERRIDE_SERVICE_WINDOWS
    $newAdvertisement.RemoteClientFlags = 0x00002000 -bor 0x00000010 -bor 0x00000040  # RERUN_IF_FAILED | DOWNLOAD_FROM_LOCAL_DISPPOINT | DOWNLOAD_FROM_REMOTE_DISPPOINT
    $newAdvertisement.IncludeSubCollection = $IncludeSubCollection
    $newAdvertisement.PresentTime = $now
    
    # Create a mandatory assignment schedule
    $AssignedSchedule = ([WmiClass]($ConfigMgrProviderPath + ":SMS_ST_NonRecurring")).CreateInstance()  
    $AssignedSchedule.StartTime = $now
    
    $newAdvertisement.AssignedScheduleEnabled = $true
    $newAdvertisement.AssignedSchedule = $AssignedSchedule

    $newAdvertisement.Put()
    
    Write-Output "Created FEP client roll out advertisement: $AdvertisementName"
}